golang / vulndb

[mirror] The Go Vulnerability Database

x/vulndb: potential Go vuln in github.com/juju/juju: GHSA-85qf-6845-m8p2 #3176

Closed GoVulnBot closed 1 month ago

GoVulnBot commented 2 months ago

Advisory GHSA-85qf-6845-m8p2 references a vulnerability in the following Go modules:

Module
github.com/juju/juju

Description:

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-xwgj-vpm9-q2rq. This link is maintained to preserve external references.

Original Description

Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspection is available without authentication locally to network namespace users. This enables denial of service attacks.

References:

Cross references:

See doc/quickstart.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/juju/juju
      versions:
        - fixed: 0.0.0-20241001032836-2af7bd8e310b
summary: 'Duplicate Advisory: Juju Unprotected Alternate Channel vulnerability in github.com/juju/juju'
ghsas:
    - GHSA-85qf-6845-m8p2
references:
    - advisory: https://github.com/advisories/GHSA-85qf-6845-m8p2
    - web: https://github.com/juju/juju/security/advisories/GHSA-xwgj-vpm9-q2rq
    - web: https://nvd.nist.gov/vuln/detail/CVE-2024-8038
    - web: https://www.cve.org/CVERecord?id=CVE-2024-8038
notes:
    - fix: 'github.com/juju/juju: could not add vulnerable_at: cannot auto-guess when fixed version is 0.0.0 pseudo-version'
source:
    id: GHSA-85qf-6845-m8p2
    created: 2024-10-02T22:01:20.794766827Z
review_status: UNREVIEWED

gopherbot commented 1 month ago

Change https://go.dev/cl/619155 mentions this issue: data/excluded: add 3 reports